Archive for February, 2009

The Commanders Respond – Chiefs of 37 navies from around the world answer the question: What is the most significant maritime security threat facing your nation, and how do your sea services address this challenge?

The anti-piracy deployment of the People’s Liberation Army Navy of China to the Gulf of Aden

It’s hard enough for the public to garner information on the performance of complex subsystems, but now the Navy is clamping down on reports from the Board of Inspection and Survey (INSURV reports)? So what does the Navy want? Is there a security issue here or do some people in the Navy don’t want to be bothered?

Or does the Navy want more wild rumors floating around out there? Because, with this sort of phony-baloney maneuver, that’s what the Navy is going to get.

In December, InSurv president Rear Adm. Raymond Klein decided the reports were to be classified, said Linda Alvers, the FOIA coordinator for Fleet Forces Command. She said she did not know why. Also unclear was whether the classification order applied only to InSurvs performed after December, or whether it included reports from before then.

INSURVs are one of the few remaining tools the public (and independent evaluators) can use to “evaluate” their Navy. INSURVs (along with a few other things) help keep everybody honest. They’re unbiased, frank, and inform both policymakers AND the public.

And now it is all gone. Just in time for the USS Bush (CVN-77) INSURV, too. Go figure.

The route to a better Navy is not found by painting the smiley face bigger. Or by clapping louder. Honesty, honor and willingness to take a frank evaluation are the only ways to improve the Navy.

If that’s too hard, or you’re a star and have trouble digesting my sentiment, then get out of my service. Find employment at a next-gen Enron or something. It’ll pay better.

This one day exercise will allow participants to operate as network attackers or defenders in a live head-to-head experience. The Live Fire Range Exercise is a scenario that puts multiple groups of Red Cell hackers against multiple teams of Blue Cell defenders. Each defending team is given a small network infrastructure with a router, firewall, servers, and desktops. The Blue Cells are responsible for keeping their network alive and functional with real services such as email, e-commerce and DNS. The Red Cells are responsible for attacking the Blue Cell network.

Prizes will be awarded for top defenders and attackers.

The CNA/CND Live Fire Exercise is a Capture the Flag type Red-vs-Blue Attack/Defend scenario. It is being held on a closed network, with the tools (for attack) and the patches (for defend) available on the exercise server. However, Red Teams are strongly encouraged to bring their own tools. All defensive systems (servers, router/firewall, etc.) will be provided. Red Teams must bring their own attack hardware (laptop, Wi-Fi, cat5 cable, etc.)

This exercise will be held in the same room that the Intermediate Penetration Testing (Hacking 102) course will be held the day before. When White Wolf Security sets up for the class, the same network will remain for the exercise. If you are competing, you might want to attend the class to get a feeling for the competition.

Now, for the tough words. Yes, if someone is going to participate as a team of four in the CNA/CND Live Fire Exercise, they will not be able to attend other InfowarCon panels unless their team is knocked out of the competition or they forfeit as competitors. After the competition is over you can join the others. We’re attaching the draft rules. Now, the good news. If you have a team that wants to compete, they can concentrate on winning. If you are one of the fingers-on-keyboard types, you’re probably hosed; you’re going to be working up a sweat attacking/and/or defending. But, if you are in charge you will probably have enough freedom to float around not only the competition but also InfowarCon as well. Our gut feeling and advice? Send a team of four to compete and a team of three to ‘supervise’. Send at least three people in charge, rotate in and out, but those guys aren’t included in the team of four, they’re extra.

How about your competitors? I know the same team that won in the big CTF competition in 2008 is scheduled to compete at InfowarCon 2009. The exercise is not the same, however. How good are your social engineering skills?

This competition is limited to ten teams, so register early!

I have participated in a number of these hacker competitions over the years, originally as the sweating pig at the keyboard then as the supervisor/manager. They are fun…, when you win. Actually they are fun anyway, and are excellent experiences for learning new techniques.

I am practiced in IT security, which means I trained myself to program and don’t have the natural skills the great penetration testers do. Like any profession, there are naturals and the naturals are very talented. One of the problems I have seen government bumping into lately is that very skilled youth are getting sucked up early by IT security companies, not necessarily because the pay is good, but because these IT security companies have effective outreach strategies that identify long before the kids get into college who the naturals of the IT space is.

Several of these young men and women go straight out of high school right into the IT work force, skipping college and unaware of other options, simply because the ‘cool factor’ presented to them from the corporate recruiters was too appealing for these young people to pass up. Recruiting in colleges for top IT talent is also at a premium, it is very rare to see the top technical talent in today’s Universities to be unsure where they will be working by their Junior year.

While it is absolutely true that many of these folks often end up working in government or with the services as consultants from large security companies, I’ve long believed that the public sector including the military is passing up on a real recruiting opportunity for serious IT talent. These type of hacker competitions are not only fun for the participants, but conducted in the right atmosphere, they can be a great experience for professionals and tinkerers alike to simply attend.

There is no reason why any recruiting office, in partnership with sponsors like Red Bull, Geek Squad, and a local University or Community College couldn’t conduct these competitions in several places a year. Based on how popular these type of competitions are, the services will come across a lot of raw, young IT talent; the naturals who usually don’t opt for public service because they simply aren’t aware of it as an option.

Given the resources, job opportunties, and education options the military services can offer compared to the vast majority of corporations trying to recruit the young talent, I’d bet the services will find a number of talented recruits, and given the premium on IT security talent, just getting the right one or two recruits a year would insure the entire program would pay for itself.

The U.S. Navy’s aggressive 30-year shipbuilding and modernization plan suffers from serious deficiencies and could become a victim of its own ambition, according to highly regarded Center for Strategic and Budgetary Assessments (CSBA) analyst Robert Work.

Named for the number of ships the Navy wants by fiscal 2020, the so-called 313-ship fleet plan would leave the service lacking in important capabilities to meet the operational demands of current strategic challenges, Work says in his new report. “Specifically, [the Navy] lacks the range to face increasingly lethal, land-based, maritime reconnaissance-strike complexes or nuclear-armed regional adversaries,” Work wrote. “Moreover, it does not adequately take into account the changing nature of undersea warfare, or the potential prospect of a major maritime competition with China.”

The former Marine Corps colonel also says the Navy’s plans are “far too ambitious” given likely future budget constraints. According to Work, between FY ’03 and ’08, the Navy spent an average $11.1 billion per year on new ship construction. But the Congressional Budget Office projects that cost will nearly double, to between $20 billion and $22 billion. And those costs do not factor in the funds required to build 12 replacements for the current strategic ballistic missile submarine force. “It seems clear, then, that the Navy needs to scale back its current plans,” Work wrote.

Recommendations

Work offers numerous recommendations, including:

• After completing the ongoing midlife refueling cycle for the first 12 of 14 Ohio-class SSBNs, immediately reduce the strategic deterrent fleet to its final target of 12 boats and start work on the SSBN(X) design immediately;

• Begin a concerted research-and-development program for small, manned undersea vehicles, autonomous underwater vehicles and other unmanned underwater systems, as well as a new generation of littoral anti-submarine warfare weapons;

• Slow the production rate of nuclear-powered carriers (CVNs) from one every four years to one every five years, and consider accelerating the current unmanned combat air system (UCAS) demonstration program and planned operational debut;

• Halt production of DDG-1000 destroyers at three ships and restart the DDG-51 production line in FY ’10 while putting the futuristic CG(X) cruiser off until at least FY ’15;

• Ramp up production of the Littoral Combat Ship (LCS) to four per year; and

The Navy’s ship plan has been criticized on Capitol Hill and elsewhere almost since the moment it was unveiled three years ago. The plan, which already acknowledged risk-taking with fewer subs and aircraft carriers than apparently required at times, was an attempt by the sea service to bring order and predictability to its shipbuilding for the Pentagon, Hill and especially industry. But congressional auditors have repeatedly reported on underfunding and disputed accounting methods.

The Pentagon said Wednesday that top military officers and civilians had to sign a letter promising to keep details secret as they work on the military’s budget.

Defense Department press secretary Geoff Morrell told reporters that Secretary Robert Gates made the unusual request out of concern for national security. He said the department didn’t want any leaks to “unravel” the budget process.

“This is highly sensitive stuff involving programs costing tens of billions of dollars, employing hundreds of thousands of people and go to the heart of national security,” he said. “And so he wants this process to be as disciplined and as forthright as possible.

“And he thinks that by having people pledge not to speak out of school, if you will, on these matters while they are a work in progress, that you’ll create a climate in which you can ultimately produce a better product, because people can speak candidly with the confidence that it will not be leaked,” he said.

Gates remained as secretary under Obama after serving under President Bush, but this year is the first time he is requiring the non-disclosure statements.

ADM. KEATING: We’re good friends. (Chuckles.) You’ll know better than most, Jim, with the Coast Guard being in Department of Homeland Security; and we, as a Department of Defense organization, have, I would say, different bosses but common goals.

… We have a Coast Guard one-star who works in our headquarters as the head of our Joint Integrated Task Force. We are — cooperate extensively with the Coast Guard. We share intelligence, we share information, we share operations and we capitalize on the remarkable capability and capacity of the Coast Guard in the Asia-Pacific region.

Who inspired you to write Bound for Africa: Cold War Fight Along the Zambezi?

Following the publication of my first book, “Special Agent, Vietnam” (2006, Potomac Press), I wasn’t ready to begin a new project soon. It had taken eight years to research and write the Vietnam book.

Two of the men who played important roles in its publication, former DNI RADM Tom Brooks and Naval Institute Press director Rick Russell told me they thought there was another book in my story about what happened after I left Vietnam and gravitated to Africa. Although I was never comfortable about writing an autobiography, I agreed to write the story. Once I began to write and re-contact former colleagues and peers – most of them in Africa — those people were emphatic in their support: As with “Special Agent, Vietnam“, this little-known piece of history was being lost as the participants died without telling their stories.

I wrote “Bound for Africa” as an up-close observation of what was then a rapidly evolving counterinsurgency conflict, funded and abetted by Communist China and the Soviets. It had not been my intention to become involved in another war, following three years of Vietnam service, but that’s not how it happened. I’ve done my best to convey to my readers both historical context and my experiences on the ground as events unfolded.

Who should read Bound for Africa?

“Bound for Africa” will have appeal to historians and political scientists – but I wrote it for a broad general readership, intending particularly to recreate the atmosphere, culture and turbulence of the times — a very personal book about the real Africa of the day. I hope that most of my readers will finish the book quietly thinking, “That was a good story, well-told.”

Does it have any lessons learned for today’s policymakers?

I think it does. Although there were elements of the Rhodesian conflict that were uniquely African, I identify many of the same elements we’ve seen in more recent upheavals: Diplomatic failure, polarization evolving into violence and major players fueling conflict from afar.

Africa today represents an enormous challenge – and opportunity – for the United States. Director of National Intelligence Blair’s recent observations about the potential threat posed by economic instability is particularly prescient in much of Africa today. The continent’s greatest asset is its people. They want pretty much the same basic things that most of us hope for: Economic opportunity and the chance to educate their children. The answer, I believe, lies in the economics of commercial engagement.

There is a place for direct aid, there is also a role for educators, doctors and even perhaps carefully-directed military assistance; but in the longer term, responsible jointly-managed trade and business probably has the potential to best bring lasting stability and development to Africa.

I am fond of reminding people that there are multitudes of pro-American Africans today, people who admire our institutions, culture and values. We can now either foster that through constructive engagement or wait for negative economic forces to ripen the seeds of discontent…

How did your time in Vietnam prepare you for Rhodesia/Zimbabwe?

Doubtless it did, in practical ways. I went to Rhodesia intending to become a rural policeman, as a means of experiencing Africa and serving the people. The war intruded on those plans. Vietnam, despite the fact that I’d served as a civilian Special Agent, gave me some good basic military skills – as well as a real sensitivity to the machinations of the West’s perennial Cold War enemies, who were then dabbling in many regions of Africa.

If you had to do it all over again, would you have gone to Africa?

I think so. There is an old saying that once you’ve been to Mother Africa, you never truly leave. That has been true in my case. I’m still working in Africa – and consider myself both fortunate and enriched by the association.

What projects are you working on now?

I’ve made strong starts on two new manuscripts. They are on the back burner now, as I am fully engaged in establishing and starting several commercial projects in West Africa. None is on behalf of American investors, though I hope that will soon change.

Many thanks to the author for his time in making this interview happen and best of luck in his future endeavors.

Continued from yesterday’s post… Initiatives 4-6 as outlined by CAPT Chuck Michel:

4. Coast Guard assets (LEDETs, Patrol Boats, and High Endurance Cutters) deployed to U.S. Central Command (CENTCOM) are supporting CTF-151 efforts to interrupt and terminate acts of piracy and are seen as the subject matter experts in the conduct of boardings by our US and coalition partners. LEDET 405 is currently conducting boardings with Navy Visit Board Search and Seizure (VBSS) teams in the Gulf of Aden. LEDET 405’s current role is to supplement the navy VBSS team and train them in:

USCGC Boutwell has deployed to CENTCOM for a 3-4 month deployment. It is probable that USCGC Boutwell will be assigned to CTF-151 since the USCG is seen as subject matter experts in the conduct of boardings in this “law enforcement related” operation. Coast Guard vessels may also, in the future, carry foreign shipriders to enforce law in the region.

5. The Coast Guard’s international training team offer tailored maritime law enforcement training tied directly to at-sea operations that can be easily integrated in regional capacity building initiatives. The Coast Guard provides a wide range of maritime capacity-building support to AFRICOM’s larger Security Cooperation program and is an active participant in AFRICOM’s theatre campaign planning process. Between 2008-2009, the Coast Guard will provide maritime training to more than 25 African countries through a mix of deployable in-country training and resident training at Coast Guard schoolhouses in the United States. Comprehensive long-term maritime development projects are in the planning stage for Liberia, Uganda, Kenya, Sierra Leone. The Coast Guard supports AFRICOM objectives through periodic ship visits and combined exercises which have historically focused on the West Africa region. Coast Guard support for maritime capacity-building extended to more than 50 countries around the globe annually. Such assistance includes, but is not limited to, resident training, deployable training, assessments, subject matter expert visits, and long-term in-country advisors/mentors.

In addition to training and technical assistance, the Coast Guard provides material support to developing maritime organizations through a robust Foreign Military Sales (FMS) and Excess Defense Article (EDA) program. The following applies specifically to East Africa and those Middle Eastern countries adjacent the “Horn” of Africa:

East Africa recipients (2001-2008):

o Kenya – 56 resident students and 14 mobile training teams to country
o Tanzania – 1 resident student and 2 mobile training team to country
o Mozambique – 7 resident students and 7 mobile training teams to country
o Madagascar – 10 resident students and 8 mobile training teams to country
o Comoros – 1 mobile training team to countryo Seychelles – 5 resident students and 5 mobile training teams to country

* Coast Guard international training and capacity building assistance is on a reimbursable basis and is generally in support of a larger USG (DOD/DOS) funded initiative.

* Coast Guard involvement in maritime capacity-building within the AOR is generally one element in a larger developmental effort managed by host nation or key international partner(s). Coast Guard engagement in the AOR is expected to continue based on funding availability.

6. The Coast Guard is also an active participant in the Africa Partnership Station (APS) program. APS is an international initiative initially developed by United States Naval Forces Europe, which aims to work cooperatively with U.S. and international partners to improve maritime safety and security in Western Africa as part of US Africa Command’s Theater Security Cooperation program. Since the standup of AFRICOM on October 1, 2008, Africa Partnership Station is led by United States Naval Forces Africa, the maritime component to AFRICOM.

APS, is designed to build the skills, expertise and professionalism of Western African militaries and coast guards. The program is delivered in many forms including ship visits, aircraft, training teams, and Seabee construction projects. APS is part of a long-term commitment on the part of all participating nations and organizations from the United States, Europe, and Africa. APS activities consist of joint exercises, port visits, professional training and community outreach with the nations of West and Central Africa. The focus is on building maritime capacity of the nations in the region and increasing the level of cooperation between them to improve maritime safety and security. The goal is to improve the ability of the nations involved to extend the rule of law out to sea and better combat illegal fishing, human smuggling, drug trafficking, oil theft and piracy in the Gulf of Guinea region.

APS 07’s deployment ran from November 2007 to April 2008. Countries visited included Senegal, Togo, Ghana, São Tomé and Principe, Gabon, and Equatorial Guinea. The current APS deployment, aboard USS Nashville, began in January 2009, with a visit to Dakar, Senegal. APS Nashville will visit Senegal, Ghana, Gabon, Cameroon, and Nigeria with an international staff including officers from Great Britain, France, Germany, Ghana, and Cameroon. The time in between major deployments is covered by mobile training team visits, maritime patrol aircraft exercises, and port visits by individual naval vessels.

In April 2004, Lieutenant Colonel Michael Strobl, USMC, came across the name of 19-year-old Lance Corporal Chance Phelps, a young Marine who had been killed by hostile fire in Al Anbar Province, Iraq. Strobl, a Desert Storm veteran with 17 years of military service, requested that he be assigned for military escort duty to accompany Chance’s remains to his family in Dubois, Wyo.

Witnessing the spontaneous outpouring of support and respect for the fallen Marine – from the groundskeepers he passed along the road to the cargo handlers at the airport – Strobl was moved to capture the experience in his personal journal. His first-person account, which began as an official trip report, gives an insight into the military’s policy of providing a uniformed escort for all casualties. The story became an Internet phenomenon when it was widely circulated throughout the military community and eventually reached the mainstream media.